ParameterEnforcer (Atlassian Confluence 8.7.2 API)

java.lang.Object
- com.atlassian.confluence.impl.webapp.security.enforcer.ParameterEnforcer

All Implemented Interfaces:

SecurityEnforcer
```
public final class ParameterEnforcer
extends Object
implements SecurityEnforcer
```
Enforces validations on request parameters such as absence of path traversal sequences.

Since:

8.8

Field Summary
- Fields inherited from interface com.atlassian.confluence.impl.webapp.security.SecurityEnforcer
  LOGIN_PATH, NOT_PERMITTED_PATH

Constructor Summary

Constructors
Constructor Description

ParameterEnforcer()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`enforce(ConfluenceUser user, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Enforcement action that should be taken when `SecurityEnforcer.shouldEnforce(com.atlassian.confluence.user.ConfluenceUser, com.atlassian.confluence.impl.webapp.security.MappedAction, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)` returns `true`.
`boolean`	`shouldEnforce(ConfluenceUser user, MappedAction mappedAction, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Whilst Tomcat already decodes request parameters, there is potential for bad product code to re-decode them.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ParameterEnforcer
```
public ParameterEnforcer()
```
- Method Detail
  - shouldEnforce
```
public boolean shouldEnforce(ConfluenceUser user,
                             MappedAction mappedAction,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
```
    Whilst Tomcat already decodes request parameters, there is potential for bad product code to re-decode them. We thus preempt such re-decoding to ensure that no multi-encoded forbidden character sequences exist.
    
    Specified by:
    
    shouldEnforce in interface SecurityEnforcer
    
    Returns:
    
    true if the request contains forbidden request parameters
  - enforce
```
public void enforce(ConfluenceUser user,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws IOException
```
    Description copied from interface: SecurityEnforcer
    
    Enforcement action that should be taken when SecurityEnforcer.shouldEnforce(com.atlassian.confluence.user.ConfluenceUser, com.atlassian.confluence.impl.webapp.security.MappedAction, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) returns true.
    
    Specified by:
    
    enforce in interface SecurityEnforcer
    
    Throws:
    
    IOException